AD-A008  290 


RELIABILITY  ANALYSIS  OF  PHASED  MISSIONS 

J .  D .  Esary ,  e  t  al 

Naval  Postgraduate  School 
Monterey,  California 

February  1975 


DISTRIBUTED  BY: 


National  Technical  Information  Service 
U.  S.  DEPARTMENT  OF  COMMERCE 


NAVAL  POSTGRADUATE  SCHOOL 
Monterey,  California 

Rear  Admiral  Isham  Linder  Jack  R.  Borst.ing 

Superintendent  Provost 


This  research  was  partially  supported  by  the  Office  of  Naval  Research 
(NR  042-300)  and  the  Strategic  Systems  Project  Office  (TA  19422) . 

This  paper  was  prepared  for  presentation  at  the  Conference  on 
Reliability  and  Fault  Tree  Analysis,  University  of  California  (Berkeley) , 

3-7  September  1974. 

Reproduction  of  all  or  part  of  this  report  is  authorized. 


Prepared  by: 


/  0.  _ 

James  D.  E3ary,  Profess oy 
Department  of  Operation®  Research 
and  Administrative  Sciences 


i 


h  /  - 

l  , 

1  K  v  •  vU  V 

Harold  Ziehms 


* 


_ mCL&SSlElED _ 

SECURITY  CLASSIFICATION  OF  THIS  PAGE  (Whan  Dm*  tntered) 


[  REPORT  DOCUMENTATION  PAGE 

READ  INSTRUCTIONS 

BEFORE  COMPLETING  FORM 

1  REPORT  NUMBER - 

NPS55Ey75021 

2.  OOVT  ACCESSION  NO. 

S.  RECIPIENT'S  CATALOG  NUMBER 

AD-AoOi'  2  C/G 

4.  TITLE  (end  Subtitle) 

Reliability  Analysis  of  Phased  Missions 

S.  TYPE  OF  REPORT  A  PERIOD  COVERED 

Technical  Report 

t.  PERFORMING  ORO.  REPORT  NUMBER 

7.  autmorc*; 

J.  D.  Esary  and  H.  Ziehms 

t.  CONTRACT  OR  GRANT  NUMBER(a> 

S  PERFORMING  ORGANIZATION  NAME  ANO  ADDRESS 

Naval  Postgraduate  School 

Monterey,  California  93940 

10.  PROGRAM  ELEMENT.  PROJECT,  TASK 
AREA  A  WORK  UNIT  NUMBERS 

61153N;  RR014-05-01; 

NR042-300;  WR5-0017 

11.  CONTROLLING  OFFICE  NAME  ANO  ADDRESS 

Chief  of  Naval  Research 

Arlington,  Virginia  22217 

12.  report  date 

February  1975 

IS.  NUMBER  OF  PAGES 

l4.  MONITORING  AGENCY  NAME  A  AODRES$<7<  dllletent  Irom  Controlling  Olllco) 

IS.  SECURITY  CLASS,  (ol  thle  report) 

Unclassified 

ita.  declassification/ DOWNGRADING 
schedule 

I*  DISTRIBUTION  STATEMENT  (ol  title  Repo rl) 


Approved  for  public  release;  distribution  unlimited. 


17.  DISTRIBUTION  STATEMENT  (ot  Iho  ebelrecl  entered  In  Block  20.  II  dlllerenl  hoot  Report) 


IS.  SUPPLEMENTARY  NOTES 


1*.  KEY  WORDS  (Continue  on  rover aa  elde  II  neceeeery  end  Identity  by  block  number) 

Reliability  Multi-Phase  Missions 

Phased  Missions  Coherent  Systems 

20.  ABSTRACT  (Continue  on  rover  re  elde  II  neceeeery  end  Identity  by  block  number) 

In  a  phased  mission  the  relevant  system  configuration  (block  diagram 
or  fault  tree)  changes  during  consecutive  time  periods  (phases) .  Many 
systems  are  required  to  perform  phased  missions.  A  classic  example  is  a 
space  vehicle. 

A  reliability  analysis  for  a  phased  mission  encounters  complexities 
not  present  with  just  one  phase,  but  can  be  transformed  into  an  analysis _ 


DD 


FORM 

1  JAN  7] 


1473 


EDITION  OF  I  NOV  AS  it  OBSOLETE 
S/N  0102-014"  ««01  | 


_ UNCLASSIFIED _ 

SECURITY  CLASSIFICATION  OF  THIS  RAOE  (When  Dele  Mntered) 


Block  20  continued. 
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direct  application,  or  can  be  used  to  study  various  computational  algorithms 
and  approximations. 


Reliability  Analysis  of  Phased  Missions 
J.  D.  Esary  and  H.  Ziehms 

Abstract.  In  a  phased  mission  the  relevant  system  configuration 
(block  diagram  or  fault  tree)  changes  during  consecutive  time  periods 
(phases).  Many  systems  are  required  to  perform  phased  missions.  A 
classic  example  is  a  space  vehicle. 

A  reliability  analysis  for  a  phased  mission  encounters  complexi¬ 
ties  not  present  with  just  one  phase,  but  can  be  transformed  into  an 
analysis  of  a  synthetic  single  phase  case.  The  transformation  has  a 
potential  for  direct  application,  or  can  be  used  to  study  various  com¬ 
putational  algorithms  and  approximations. 

1.  Introduction.  We  consider  a  system  which  consists  of  several 
components.  The  components  perform  independently  of  each  other,  and 
each  of  them  may  be  in  one  of  two  states,  functioning  or  failed.  It  is 
assumed  that  no  component  can  be  repaired  or  replaced.  Thus  each  com¬ 
ponent  functions  continuously  in  time  until  failure  occurs,  after  which 
it  remains  failed.  Esary  and  Marshall  [1964]  say  that  a  device  which 
displays  this  kind  of  behavior  has  a  life. 

The  system  performs  a  mission  which  can  be  divided  into  consecu¬ 
tive  time  periods,  or  phases.  During  each  phase  it  has  to  accomplish  a 
specified  task.  Thus  the  system  configuration  (a  subset  of  the  compo- 

Department  of  Operations  Research  and  Administrative  Sciences,  Naval 
Postgraduate  School,  Monterey,  California  93940.  This  research  was  par¬ 
tially  supported  by  the  Office  of  Naval  Research  (NR  042-300)  and  the 
Strategic  Systems  Project  Office  (TA  19422) . 


nents  and  their  functional  organization  which  can  be  represented,  for 
instance,  by  a  block  diagram  or  fault  tree)  changes  from  phase  to  phase. 
As  is  the  case  with  individual  components,  only  two  states  of  the  sys¬ 
tem  are  recognized,  functioning  or  failed. 

A  classic  example  of  a  phased  mission  is  the  voyage  of  a  space  ve¬ 
hicle,  but  many  other  systems  are  required  to  perform  phased  missions. 
To  illustrate  the  ideas  and  methods  of  this  paper  we  will  often  consid¬ 
er  the  following  hypothetical  situation. 

Example  1.1.  A  fire  department  has  three  vehicles; 

-  a  multipurpose  fire  engine  (M) , 

-  a  tanker  (T) , 

-  a  light  fire  truck  (L) . 

The  firefighting  equipment  of  a  small  chemical  factory  located  nearby 
consists  of; 

-  a  spri  nkler  system  (S) , 

-  a  hydrant  (H) , 

-  a  special  apparatus  for  fighting  chemical  fires  (F) . 

The  plant  safety  engineer  wonders  whether  the  combined  hardware  re¬ 
sources  of  the  fire  department  and  the  factory  are  sufficient  to  fight 
a  fire  in  the  factory.  He  consults  the  fire  chief,  and  together  they 
conclude: 

(1)  During  the  initial  stage  of  a  fire  either  the  multipurpose 
engine,  which  carries  a  small  water  supply,  or  the  light  truck,  provid¬ 
ed  the  sprinkler  system  works,  suffices  to  evacuate  the  building. 

(2)  To  contain  the  fire  the  factory's  special  apparatus  is  needed, 
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together  with  some  auxiliary  capability  from  the  multipurpose  engine  or 
the  light  truck.  Water  can  be  supplied  to  the  special  apparatus  and 
the  department's  units  by  the  hydrant,  or  if  it  is  out  of  order,  by  the 
tanker  through  pumps  in  the  multipurpose  engine. 

(3)  After  the  fire  has  been  contained  it  can  be  controlled  either 
by  the  special  apparatus  or  the  multipurpose  engine.  Again,  water  can 
be  supplied  by  the  hydrant  or  by  the  tanker  together  with  the  multipur¬ 
pose  engine. 

The  system  has  six  components  and  has  to  perform  a  three-phased 
mission.  0 

Given  the  survival  characteristics  of  the  components,  the  relevant 
system  configuration  in  each  phase,  and  the  duration  of  the  phases,  the 
problem  is  to  find  the  probability  that  the  system  will  function 
throughout  the  mission,  i.e.  the  mission  reliability  for  the  system. 

The  reliability  analysis  of  a  phased  mission  encounters  some  com¬ 
plexities  which  are  not  present  when  only  one  phase  is  considered.  It 
is  not  exact  to  do  a  standard  analysis  of  each  phase  separately,  and 
then  multiply  the  resulting  phase  reliabilities  together;  even  if  the 
age  of  the  components  at  the  beginning  of  each  phase  is  taken  into 
account.  The  implicit  assumption  involved,  that  each  component  is 
functioning  at  the  beginning  of  each  phase,  is  not  necessarily  true. 

The  following  example  illustrates  this  point. 

Example  1,2.  A  system  with  two  independent  components,  and 

C 2»  is  designed  for  a  two-phased  mission.  In  order  for  the  system  to 


perform  the  required  tasks  at  least  one  component  has  to  function 
through  phase  1  and  both  components  have  to  function  through  phase  2. 
The  block  diagram  for  this  system  is 


phase  I  phase  2 


je’or  k  *  1,2,  let  ir  ^  denote  the  probability  that  component 
functions  through  phase  1,  and  rr^  denote  the  conditional  probability 
that  component  functions  through  phase  2,  given  that  it  has  func¬ 

tioned  through  phase  1.  The  system  reliability  for  phase  1  is 

«  ir^  +  ir21  -  ir1l1I2l'  and  the  system  reliabi!ity  for  phase  2,  given 
that  both  components  have  functioned  through  phase  1,  is  =  *12*22' 
Multiplying  these  together  would  lead  to  the  mission  reliability 

IT  **  IT-  H*  ®  (IT,  .  ^  TT_,  —  TT,  ,  TT  -  )  TT  ,  TT  ^  ■ 

12  11  21  11  21  12  22 

This  is  greater  than  the  correct  mission  reliability,  which  is 


TT  TT  IT  IT  ^ 

11  12  21  22 


since  mission  success  is  achieved  if,  and  only  if,  both  components 
function  through  both  phases.  □ 

The  multi-phase  case  is  potentially  different  from  the  single¬ 
phase  case  in  another  respect.  With  just  one  phase,  if  each  component 
has  a  life  and  the  system  configuration  is  coherent  (represer  table  by  a 
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block  diagram  or  fault  tree  using  AND  and  OR  gates),  then  the  system 
has  a  life  (Esary  and  Marshall  [1964]).  In  the  multi-phase  case  this 
is  not  necessarily  true.  Even  if  all  components  have  lives  and  all 
phase  configurations  are  coherent,  the  system  may  not  have  a  life.  How 
this  can  happen  is  shown  in  the  next  example. 

Example  1.2.  A  two-component  system  is  designed  for  a  two-phase 
mission  with  the  phase  configurations  represented  by  the  block  diagram 


— (ED--  —\ 0 — 

phase  I  phase  2 

If  ir^j,  k  -  1,2,  j  »  1,2,  are  defined  as  in  Example  1.2,  then  there 
is  a  probability  (1  -  ir^)* 2j/22  t*5at  the  system  fai-ls  *n  phase  1, 
but  functions  again  in  phase  2.  In  this  sense  the  system  does  not  have 
a  life.  □ 

The  possible  resurrection  of  a  system  in  a  later  phase  does  not 
present  a  problem  in  the  reliability  analysis  of  phased  missions. 

Since  failure  of  the  system  in  even  one  phase  prevents  mission  success, 
it  will  always  be  assumed  that  the  life  of  the  system  ends  at  the  time 
of  its  first  failure.  By  contrast,  the  possible  resurrection  of  a  com¬ 
ponent  would  pose  a  much  more  serious  problem,  and  is  ruled  out  by  the 
assumption  that  all  components  have  lives. 

The  reliability  analysis  of  phased  missions  has  received  attention 
in  the  basic  papers  of  Rubin  [1964]  and  Weisberg  and  Schmidt  [1S66] . 
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These  authors  introduced  a  method  of  "cut  cancellation"  which  can  be 
advantageously  used  to  simplify  the  sequence  of  phase  configurations 
prior  to  beginning  reliability  calculations.  More  recently,  a  similar 
approach  is  described  in  the  United  States  Navy  reliability  manual 
NAVORD  OF  29304  Revision  A  [1973],  based  on  the  work  of  C.  Persels. 

The  purpose  of  this  paper  is  to  exhibit  a  transformation  which 
reduces  any  multi-phase  mission  to  an  equivalent,  synthetic,  single¬ 
phase  system.  Existing  algorithms  can  then  be  applied  to  compute  mis¬ 
sion  reliability.  However,  a  concomitant  apparent  increase  in  the 
number  of  components  may  aggravate  capacity  problems.  The  transforma¬ 
tion  can  also  be  used  to  study  refined  computational  algorithms,  and  to 
derive  bounds  on  mission  reliability.  Simple  instances  of  its  applica¬ 
tion  are  included. 


Mathematical  formulation  of  'the  phased  mission  problem. 


system  under  consideration  is  assumed  to  have  n  components,  labeled 


C^,...,Cn.  Each  component  has  a  life  and  hence  its  time  to  fail¬ 

ure,  or  life  length,  is  a  well  defined,  nonnegative  random  variable  T^. 
The  assumption  that  the  components  perform  independently  of  each  other 


formally  means  that  T^, . . .  ,T^  are  independent. 

For  each  component  and  all  times  t  £  0,  let  X^(t)  be  a 

Bernoulli  random  variable  defined  by 


Vcl 


1  if  component  C,  functions  at  time  t,  i.e. 
if  Tk  >  t, 

0  otherwise. 
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The  random  vari *ble  (t )  is  called  a  performance  state  indicator 

variable,  and  the  stochastic  process  (x^ft),  t  ^  0)  is  the  perform¬ 
ance  process  of  the  component  C^.  The  sample  paths  of  the  latter  have 
the  properties  that: 


(2.1) 


a)  Xk(t)  =  0  «  X^s)  =0,  s  >  t. 

b)  X^t)  =  1  ♦»  X^s)  =1,  0  «  s  <  t. 


Thus  a  sample  path  of  a  performance  process  is  non-increasing  and  con¬ 
tinuous  from  the  right,  as  indicated  in  Figure  2.1. 


x  Ct)  -  I 


Figure  2.1.  Performance  process  sample  path,  component  C  . 

For  each  t  i  0,  let  X(t)  =  (X,  (t),...,X  ( t ) )  be  the  perform- 
ance  state  indicator  vector  of  the  set  of  components.  Then  the  sto¬ 
chastic  process  {&(t),  t  £  0}  is  called  the  joint  performance  process 
of  the  components. 

The  use  of  performance  processes  to  represent  component  failure 
times  is  compatible  with  the  use  of  structure  functions  to  represent 
system  configurations  within  phases. 
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The  system  configuration  in  each  of  the  phases  can  be  described 
by  a  block  diagram  or  a  fault  tree  for  conceptual  purposes,  or  by  a 
structure  function  for  mathematical  analysis.  A  structure  function  is 


a  binary  function  $  of  binary  variables  x, which  relates  the 

in 

performance  state  of  the  system  to  the  performance  states  of  its  compo¬ 
nents;  with  $(x)  ■  ♦(x1,...,x  )  -  1  if  the  system  functions,  and 
$(x)  ■  0  otherwise,  where  x^  *  1  if  component  functions,  and 

■  0  otherwise. 

It  is  assumed  that  each  phase  configuration  of  a  system  is  coher¬ 
ent,  i.e.  can  be  represented  by  a  block  diagram  or  fault  tree  using  AND 
and  OR  gates.  If  a  configuration  is  coherent,  then  its  structure  func¬ 
tion  $  has  the  properties: 


a) 

♦  (x) 

-e- 

Al 

whenever  xfc  2:  y^,  k  =  l,...,n 

(2.2) 

b) 

*(0) 

=  (0, . 

• 

o 

ii 

o 

• 

• 

c) 

0(1) 

=  ♦(!,. 

..,1)  =  1. 

phose  I  phase  2  phase  3 


Figure  2.2.  Block  diagram  for  the  mission 
of  Example  1.1. 
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The  structure  functions  for  the  system  of  Example  1.1  are; 

for  phase  1,  "  XM  V  W 

for  phase  2,  ^  v  xj  v  x^) , 

for  phase  3,  -  xpxH  v  x^x^,  v  xH) . 

The  symbol  v  is  the  arithmetic  OR  operator,  i.e. 


X  V  x 
1  2 


1  if  Xj  *  1  or  x2  ■  1, 
0  if  ■  0  and  x2  -  0, 


or  for  computational  purposes,  xi  v  X2  "  X1  +  *2  "  X1X2 
-  1  -  <1  -  xx) (1  -  x2). 

The  phase  structure  functions  can  be  combined  with  the  component 
performance  processes  to  achieve  a  concise  mathematical  formulation  of 
the  phased  mission  problem. 

The  mission  is  assumed  to  be  divided  into  m  phases,  and  to  start 

at  time  t  ■  0.  For  j  ■  l,...,m,  the  time  at  which  phase  j  ends, 

and,  except  for  j  =  m,  the  next  phase  begins  is  denoted  by  t^.  The 

structure  function  appropriate  for  phase  j  is  denoted  by  <{> ^ .  The 

event  that  the  system  functions  during  phase  j  cam  be  expressed  as 

{$.  (X  (t . ) )  =  l},  and  the  event  that  the  system  functions  throughout 
J  ~  J 

the  mission  by  {$1(X(t.))  =  1,...,$  (X(t  ))  -  l}.  The  mission  relia- 

bility  for  the  system  is  the  probability  that  this  event  occurs.  Since 

♦  .  (X(t.)) ,  j  =  l,...,m,  are  Bernoulli  random  variables,  this  proba- 
3  ~  3 

bility  may  be  expressed  compactly  as 

(2.3)  p  .  PtTTj™!  yx'V’  ■  11  '  ETTj!1  fjlXItj)). 
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where  E  denotes  expectation. 

The  fact  reflected  in  (2.3),  that  the  sequential  operation  of 
phase  configurations  resembles  to  some  extent  the  serial  operation  of 
subsystems,  is  important  in  transforming  the  phased  mission  problem. 

3.  Transformation  of  a  multi-phase  mission  into  a  single-phase 
mission.  Complexities  in  the  reliability  analysis  of  phased  missions 
arise  because  a  component's  performance  in  each  phase  depends  on  its 
performance  in  previous  phases.  The  dependence,  however,  is  of  a  spe¬ 
cial  type.  A  component  functions  in  phase  j  if,  and  only  if,  it  has 
previously  functioned  in  phase  1,  and  in  phase  2,...,  and  in  phase  j-1, 
and  then  functions  in  phase  j.  This  sequence  of  requirements  suggests 
that  the  performance  of  a  component  in  phase  j  can  be  represented  by 
a  series-like  structure  whose  elements  represent  its  performance  in 
phases  1,  . . ., j. 

TO  be  more  specific,  suppose  that  component  is  replaced  by 

phase  j  by  a  system  of  components  C^, .  • .  ,0^ ,  performing  independ¬ 
ently  and  in  series.  In  block  diagram  format,  the  block 


is  replaced  in  phase  j  by 


ElI  E3 — B — 


In  fault  tree  format,  the  input  event  C.  (failure  of  component  C  ) 

Jv  Iv 

is  replaced  in  phase  j  by 
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Let  . U  be  independent  performance  state  indicator  vari- 


The  resulting  new  system,  which  has  (at  most)  n*m  independent  compo- 


nents,  is  the  equivalent  system.  As  will  be  shown  later,  the  ordinary 
reliability  of  the  equivalent  system  is  the  same  as  the  reliability  of 
the  original  system  for  its  phased  mission. 

As  an  illustration,  the  block  diagram  for  the  equivalent  system 
arising  out  of  Ibcample  1.1  is  shown  in  Figure  3.1  (cf.  the  block  dia¬ 
gram  for  the  phased  mission  shown  in  Figure  2.2). 


transformed 
configuration  3 


Figure  3.1.  Equivalent  system  for  the 
mission  of  Example  1.1. 
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In  the  equivalent  system  the  m  phase  configurations  which  oper¬ 
ated  in  sequence  become  m  subsystems  which  operate  in  series.  How¬ 
ever/  these  subsystems  usually  have  components  in  common  (cf.  Figure 
3.1)/  and  do  not  function  independently.  Thus  the  product  of  the  sub¬ 
system  reliabilities  is  in  general  not  equal  to  the  system  reliability/ 
as  is  illustrated  by  the  following  extension  of  Example  1.2. 

Example  3.1.  For  the  mission  described  in  Example  1.2,  the  equiv¬ 
alent  system  has  the  block  diagram 


subsystem  I  subsystem  2 


Letting  ir .  k  =  1,2,  j  =  1,2,  be  as  defined  in  Example  1.2,  and 

K] 

P)c2  *  *kl*k2'  ^  =  t*,e  subsystem  reliabilities  are 


*11  +  *21  "  *11*21 


P11  +  P21  "  P11P21' 


P  _  ■  W,  ,  TT,  _7T_,  TT_  _  =  P,„P__. 

2  11  12  21  22  12  22 

Their  product  p  =  p^p  is,  except  in  trivial  cases,  less  than  the 


u, , 7T,  it  tt  =  p, _p„ „  which  can  be  found 
11  12  21  22  12  22 


true  system  .eliability  p 
by  reducing  th<  block  diagram  to  its  simplest  form 
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The  true  reliability  for  the  equivalent  system  does  agree  with  the 
reliability  for  the  phased  mission  given  in  Example  1.2.  □ 

The  transformed  version  of  the  phase  j  configuration  functions 
if  the  event  .  (U^l/2* . .  )  -  1}  occurs,  where 

K.'1’  -  <uu . uni>-  •  lunuu . »„!»„,>•  equiv- 

a  lent  system  functions  if  the  event  *  1, 

...,  4n(U^U^2^ . .  .U^m* )  *  1)  occurs.  The  reliability  of  the  equiva¬ 
lent  system  is 


(3.2) 


It  remains  to  establish  that  the  reliability  of  the  equivalent 

system  agrees  with  the  mission  reliability  for  the  original  system,  i.e. 

that  p  as  given  by  (3.2)  agrees  with  p  as  given  by  (2.3).  This  is 

done  by  the  following  theorem  and  subsequent  remarks. 

Theorem  3.1.  Let  X,  ,...,X  be  a  non-increasing  sequence  of 
———————  x  m 

Bernoulli  random  variables,  i.e.  X,  2:  X_  £  ...  2  X  .  Let  U^,...,U 

12  m  l  m 

be  independent  Bernoulli  random  variables  with 


pf«L  -  1)  =  P[XX  *  1), 

P (Uj  •  1J  “  P[X_.  *  1 1 ^  =  1],  j  *  2,...,m. 

Then  X-,...,Xm  -St  U1,U1U_,...,U1U,...U  . 
i  m  112  12  m 

Proof .  It  is  only  necessary  to  show  for  each  non-increasing 
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binary  sequence  x,  i  x,  *  ...  *  x  ,  x  *  0  or  1,  j  ■  1,... 

l  2  o  j 

Pix.  ■  X.  i  •  •  •  i X  ■  x  ]  ■  P[M  ■  x.  »U.U,  *  x,» .  •  •  .U 

xi  m  m  11122  12m 

For  the  sequence  x.  »  0,  x  ■  0,  x  -0, 

x  2  m 

P[X.  -  -  0]  -  P[X,  -  0]  -  P[U.  -  0] 

x  n  x  x 

-  P[UX  -  -  0,...,U1U2...Um  -  0J. 


For  the  sequence  x  -  1,  x_  ■  1,  ...»  x  *  1, 

x  2  m 

/  P[X,  -  1,...,X  -  1]  -  P[X  -  llx  ,  *  1]... 
x  m  di  1  m-l 

...P[X2  -  i\x1  -  ljp^  =  l] 

»  piu  -  i]...pru_  =  ljptu.  *  i] 

in  2  X 

-  P[U.  -  i,u.u0  -  l,...,u.u_...u  -  1], 

X  12  12m 

For  any  other  sequence  x^  -  1,  j  x^  -  0,  j  - 


,m,  that 


1  $  •  •  •  #n\f 


P|xl  -  1 . \  ■  l'xUl  -  0 . Xm  -  01 

-  Ptxm  -  0 . XU1  *  °lxt  -  1 . X1  ’  11 

XP[X£  =  1,...,X1  -  1J 

-  P[X1+1  =  0|x£  =  1]P[XA  =  1,...^  -  1] 

-  P[U£+1  =  0]P[UA  =  1,...,^  *=  1] 

-  PIUX  =  1,...,U4  •=  lrU4+1  «  0] 

-  Ptux  =  1,1^  *  =■  1,... 

...,^...1^1)^  *  0f...,U1U2...UiB  -  0J.  □ 
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From  (2.1)  the  sequence  of  variables  X^ft^) , . . .  ,X.  (t^) ,  which  in¬ 
dicate  the  performance  of  component  at  the  end  of  each  phase,  is 

non- increasing.  Thus  for  U.,,...,U.  constructed  according  to  (3.1), 

Kl  Jan 

W'W . W  -st  \i'uki°k2 . VW"0!® 

Then,  since  component  failure  times,  and  consequently  component  per¬ 
formance  processes,  are  independent, 

x(t.),x(tj,...,x(t  )  »st  u(1),u(1V2),...,u(1)u(2)...u(n). 

Since  the  event  "success  in  the  phased  mission"  occurs  if 

(X  (t . ) )  ■  1,  j  -  l,...,m,  and  the  event  "functioning  of  the  equiv- 
J  ~  J 

alent  system"  occurs  if  (U^j/2* . .  )  ■  1,  j  ■  l,...,m,  then 

these  two  events  are  stochastically  equivalent.  Thus  p  as  given  by 
(2.3)  agrees  with  p  as  given  by  (3.2). 

4.  Sample  applications  of  the  transformation.  The  transformation 
described  in  Section  3  provides,  in  principle,  a  way  to  adapt  existing 
programs  for  computing  the  reliability  of  single-phase  systems  to  the 
computation  of  mission  reliabilities  for  phased  missions.  The  neces¬ 
sary  inputs  are  the  phase  configurations  and,  phase  by  phase,  the  con¬ 
ditional  probabilities  that  the  components  survive  the  phase,  given 
that  they  have  survived  the  previous  phases,  i.e.  the  component  condi¬ 
tional  phase  reliabilities 


(4.1) 


-kl“PIXk(tl)  -11' 


wkj  -  HVV  "  1lxk(tj-l)  "  11 '  j  “ 
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k  ■  l,...,n.  From  (3.1)  the  conditional  phase  reliabilities  are  the 
reliabilities  of  the  components  in  the  equivalent  s/stem.  The  program 
could  be  adapted  to  accomplish  steps  (a)  and  (b)  of  the  transformation 
internally,  and  then  to  find  the  reliability  of  the  equivalent  system. 

Direct  implementation  of  the  transformation  could  be  frustrated  by 
a  large  number  of  components  in  the  equivalent  system,  and  in  any  case 
may  not  be  the  most  efficient  approach.  However,  the  transformation 
may  also  be  used  to  study  refined  computational  algorithms,  and  bounds 
on  mission  reliaoility. 

For  instance,  it  is  possible  to  study  the  tempting  procedure  of 
estimating  mission  reliability  hy  computing  the  reliability  of  each 
phase  configuration  separately,  and  then  multiplying  the  results  to¬ 
gether.  There  are  at  least  two  choices  of  component  reliabilities  to 
use  in  doing  this;  the  conditional  phase  reliabilities  given  in  (4.1), 
or  the  component  (unconditional)  reliabilities  through  each  phase 

(4.2)  p,  j  =  P[X^(tj)  =  1]  *  TT"i=i  ^i •  3  =  1*  •  •  •  »m» 

k  *  l,...,n.  The  first  choice  leads  to  estimating  mission  reliability 
by 


(4*3)  -  TT j®!  yvj . Vj>' 

and  the  second  choice  to  estimating  mission  reliability  by 


(4.4) 


P  “  "^j-1  hj(Plj'*'"Pnj) 


where  in  both  cases  h^,  j  ■  l,...,m, 


are  the  reliability  functions 


for  the  p  tase  configurations.  The  reliability  function  of  a  system 
with  structure  function  4  is  defined  by 

h(p. , . . .  ,p  )  -  P[*(X. ,...,X J  -  1J  -  E*(X.,...,X  5, 
in  in  in 

where  X,  ,  ...,X  are  independent  Bernoulli  random  variables  with 
in 

PIXk  ■  11  ■  v  k  ■  1'***'n* 

The  following  remark  shows  that  (4.3)  gives  an  optimistic  result 
(cf.  Example  1.2)  and  that  (4.4)  gives  a  conservative  result  (cf.  Exam¬ 
ple  3.1). 

Remark  4.1.  For  w  as  given  by  (4.3),  p  as  given  by  (4.4),  and 
p  as  given  by  (2.3)  or  (3.2),  p  &  p  &  ir. 

Proof.  The  coherent  phase  configurations  have  non-decreasing 
structure  functions  from  (2.2),  and  , . .  .  ,U  ^  are  independent  by 

construction.  Thus 


«TTA  yj>ay2,-Jt(J,>  s  eTTA  ya 


<j>. 


IT  A  Ey2,j,> 


so  that  p  *  tt  from  (3.2)  and  (4.3). 

The  proof  that  p  *  p  uses  standard  properties  of  associated 
random  variables  (Barlow  and  Proschan  [1975] ,  Chapter  2,  or  Esary, 
Proschan,  and  Walkup  [1967]).  Since  U.  . ,  k  *  l,...,n,  j  *  l,...,m, 
are  independent,  and  thus  associated,  and  j  =  l,...,m,  are  non¬ 
decreasing,  then  ♦j  •  •  *£^) »  3  e  1»***»®»  are  associated. 

Therefore  the  inequality 
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TTj-i  EV~  £  •••£  )‘EITj«iV~  £  •••£ 


,(j) 


(1)„(2)  „(j) 


holds,  so  that  pip  from  (4.4)  and  (3.2).  □ 

The  transformation  can  provide  a  simple  rationale  for  the  cut  can¬ 
cellation  technique  of  Rubin,  Weisberg,  and  Schmidt.  Conversely,  cut 
cancellation  can  result  in  an  advantageous  simplification  of  the  earli¬ 
er  configurations  of  a  phased  mission,  prior  to  any  implementation  of 
the  transformation. 

For  instance,  the  sequence  of  phase  configurations  in  Example  1.2 
turned  out  ot  have  the  mission  reliability  p  -  P^2P22*  T^e  sec*uence 
of  phase  configurations 


— [Cj~]— [C] - 

phase  I  phase  2 

has  the  same  mission  reliability.  In  Example  1.2  the  only  minimal  cut 
set  in  phase  1,  {C^,C2),  contains  the  phase  2  minimal  cut  sets,  {c^} 
and  {c^} .  Thus  ^ci'C2^  can  "canceHed"  in  its  phase,  leaving  a 
configuration  which  can  never  fail. 

The  minirAl  cut  sets  of  a  (coherent)  phase  configuration  are  the 
minimal  (in  the  sense  of  set  inclusion)  combinations  of  components 
which  by  all  failing  cause  the  configuration  to  fail.  The  configura¬ 
tion  can  be  viewed  as  a  series  combination  of  subconfigurations,  each 
of  which  consists  of  the  components  in  a  minimal  cut  set  acting  in  par¬ 
allel  (Barlow  and  Proschan  (1975),  Chapter  1,  or  Birnbaum,  Esary,  and 
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Saunders  [1961]). 


The  rule  for  cut  cancellation  is: 

A  minimal  cut  set  in  a  phase  can  be  cancelled ,  i.e. 
omitted  from  the  list  of  minimal  cut  sets  for  tlat 
phase,  if  it  contains  a  minimal  cut  set  of  a  later  phase. 
A  slightly  more  typical  illustration  of  how  cut  cancellation 
works  is  given  in  the  following  example. 

Example  4.1.  A  mission  has  the  phase  configurations 


phase  I  phase  2 


The  minimal 

cut 

sets  are: 

in  phase  1  {c^} 

(C2'C3} 

in  phase  2  { C2 } 

{C1'C3} 

The  phase  1 

cut 

(C2>C3> 

contains  the  phase  2  cut 

{C2),  and  so  can 

be  cancelled  in  phase  1. 

No  cancellation  results  : 

from  the  fact  that 

the  phase  2 

cut 

{crc3} 

contains  the  phase  1  cut 

{c^h 

After  cancellation  the  sequence  of  phase  configurations  reduces  to 


phase  I 


phase  2 
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It  is  easy  to  verify  that  both  sequences  lead  to  the  same  mission 
reliability  by  comparing  their  equivalent  systems.  □ 

The  use  of  cut  cancellation  is  justified  by  the  following  remark. 
Remark  4.2.  Cut  cancellation  does  not  affect  mission  reliability. 
Proof.  A  formal  proof  of  the  remark  could  be  given  without  invok¬ 
ing  the  transformation,  but  its  use  provides  a  way  to  visualize  why  the 
remark  is  true,  and  further,  why  cut  cancellation  is  not  a  symmetric 
procedure. 

Simply  note  that  a  minimal  cut  set  of  the  phase  j  configuration, 

consisting  of  the  components,  say  C.,...,C#,  corresponds  to  a  paral- 

1  X* 

lei  and  series  array 


in  the  equivalent  system.  This  array  acts  in  a  series  with  the  similar 
arrays  corresponding  to  the  other  minimal  cut  sets,  whatever  their 
phase  of  origin.  Then  it  is  apparent  that  a  minimal  cut  set,  which 
contains  a  minimal  cut  set  from  a  later  phase,  can  be  cancelled  with  no 
e  .feet.  □ 

As  a  final  illustration  of  the  cut  cancellation  technique  we  can 
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consider  its  effect  on  the  mission  described  in  Example  1.1.  The 
minimal  cut  sets  for  this  mission  are,  before  cancellation: 
in  phase  1  {M,L}  {M,S} 

in  phase  2  {F}  {H,M}  {H,T>  {M,L} 

in  phase  3  {F,M}  {H,M}  {H,T} 

The  minimal  cut  sets  after  cancellation  are: 
in  phase  1  {M,S} 

in  phase  2  {F}  {M,L} 

in  phase  3  {F  M>  {H,K>  {H,t} 

A  block  diagram  for  the  simplified  sequence  of  phase  configurations  is 
shown  in  Figure  4.1. 


phase  I  phase  2  phise  3 


Figure  4.1.  Phase  configurations  for  the  mission 
of  Example  1.1  after  cut  cancellation. 

After  cancellation,  the  transformation  could  be  applied  to  obtain 
an  equivalent  system  simpler  than  the  one  shown  in  Figure  3.1.  Relia¬ 
bility  computations  would  be  simplified  accordingly. 
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